What you need to know
- A security researcher has warned of some major issues in iOS 15.
- They say that three zero-day vulnerabilities discovered in Apple's iPhone software still haven't been fixed.
A security researcher has warned that Apple has not fixed three zero-day vulnerabilities discovered in iOS 15.
Illusionofchaos took to the web stating:
The researcher says that they contacted Apple to get an update and threatened to make their findings public if they didn't get an explanation. Whilst one issue found has been patched in iOS 14.7, three more issues are apparently still present in the latest software Apple released earlier this week in advance of the iPhone 13 launch today.
One issue reportedly lets any app installed from the App Store access a user's Apple ID email and full name, Apple ID authentication token, a database containing contact information and interaction records, and the Speed Dial and Address Book database including things like contact pictures. Another vulnerability "allows any user-installed app to determine whether any app is installed on the device given its bundle ID." The final zero-day bug "makes it possible for any qualifying app (e.g. posessing location access authorization) to gain access to Wifi information without the required entitlement."
Illusionofchaos says they sent detailed reports to Apple in April of this year and was quickly informed Apple was investigating the issues. As noted, whilst one other problem has been fixed the aforementioned vulnerabilities all still persist, and Illusionofchaos says they haven't received any reply from Apple as of Friday, September 24.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9